{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T16:28:03Z","timestamp":1773246483893,"version":"3.50.1"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030602383","type":"print"},{"value":"9783030602390","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-60239-0_19","type":"book-chapter","created":{"date-parts":[[2020,9,29]],"date-time":"2020-09-29T09:03:14Z","timestamp":1601370194000},"page":"274-289","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":59,"title":["A Data Augmentation-Based Defense Method Against Adversarial Attacks in Neural Networks"],"prefix":"10.1007","author":[{"given":"Yi","family":"Zeng","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Han","family":"Qiu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gerard","family":"Memmi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Meikang","family":"Qiu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,9,29]]},"reference":[{"key":"19_CR1","unstructured":"Abadi, M., et al.: Tensorflow: a system for large-scale machine learning. In: 12th $$\\{$$USENIX$$\\}$$ Symposium on Operating Systems Design and Implementation ($$\\{$$OSDI$$\\}$$ 16), pp. 265\u2013283 (2016)"},{"key":"19_CR2","unstructured":"Athalye, A., Carlini, N., Wagner, D.: Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. In: International Conference on Machine Learning, pp. 274\u2013283 (2018)"},{"key":"19_CR3","unstructured":"Buckman, J., Roy, A., Raffel, C., Goodfellow, I.: Thermometer encoding: one hot way to resist adversarial examples (2018)"},{"key":"19_CR4","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 39\u201357. IEEE (2017)","DOI":"10.1109\/SP.2017.49"},{"key":"19_CR5","doi-asserted-by":"crossref","unstructured":"Das, N., et al.: Shield: fast, practical defense and vaccination for deep learning using JPEG compression. In: Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, pp. 196\u2013204 (2018)","DOI":"10.1145\/3219819.3219910"},{"key":"19_CR6","doi-asserted-by":"crossref","unstructured":"Dong, Y., Liao, F., Pang, T., Hu, X., Zhu, J.: Discovering adversarial examples with momentum. arXiv preprint arXiv:1710.06081 (2017)","DOI":"10.1109\/CVPR.2018.00957"},{"key":"19_CR7","doi-asserted-by":"crossref","unstructured":"Gao, Y., Xu, C., Wang, D., Chen, S., Ranasinghe, D.C., Nepal, S.: Strip: a defence against trojan attacks on deep neural networks. In: Proceedings of the 35th Annual Computer Security Applications Conference, pp. 113\u2013125 (2019)","DOI":"10.1145\/3359789.3359790"},{"key":"19_CR8","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)"},{"key":"19_CR9","unstructured":"Guo, C., Rana, M., Cisse, M., van der Maaten, L.: Countering adversarial images using input transformations. In: International Conference on Learning Representations (2018)"},{"key":"19_CR10","unstructured":"Kurakin, A., Goodfellow, I., Bengio, S.: Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 (2016)"},{"issue":"7553","key":"19_CR11","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature14539","volume":"521","author":"Y LeCun","year":"2015","unstructured":"LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521(7553), 436\u2013444 (2015)","journal-title":"Nature"},{"key":"19_CR12","doi-asserted-by":"crossref","unstructured":"Liu, Z., et al.: Feature distillation: DNN-oriented JPEG compression against adversarial examples. In: 2019 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 860\u2013868. IEEE (2019)","DOI":"10.1109\/CVPR.2019.00095"},{"key":"19_CR13","unstructured":"Mao, Y., Yi, S., Li, Q., Feng, J., Xu, F., Zhong, S.: A privacy-preserving deep learning approach for face recognition with edge computing. In: Proceedings USENIX Workshop Hot Topics Edge Computing (HotEdge), pp. 1\u20136 (2018)"},{"key":"19_CR14","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S.M., Fawzi, A., Frossard, P.: Deepfool: a simple and accurate method to fool deep neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2574\u20132582 (2016)","DOI":"10.1109\/CVPR.2016.282"},{"key":"19_CR15","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 372\u2013387. IEEE (2016)","DOI":"10.1109\/EuroSP.2016.36"},{"key":"19_CR16","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Wu, X., Jha, S., Swami, A.: Distillation as a defense to adversarial perturbations against deep neural networks. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 582\u2013597. IEEE (2016)","DOI":"10.1109\/SP.2016.41"},{"key":"19_CR17","doi-asserted-by":"crossref","unstructured":"Prakash, A., Moran, N., Garber, S., DiLillo, A., Storer, J.: Deflecting adversarial attacks with pixel deflection. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 8571\u20138580 (2018)","DOI":"10.1109\/CVPR.2018.00894"},{"key":"19_CR18","unstructured":"Qiu, H., Zeng, Y., Zheng, Q., Zhang, T., Qiu, M., Memmi, G.: Mitigating advanced adversarial attacks with more advanced gradient obfuscation techniques. arXiv preprint arXiv:2005.13712 (2020)"},{"key":"19_CR19","doi-asserted-by":"crossref","unstructured":"Qiu, H., Zheng, Q., Memmi, G., Lu, J., Qiu, M., Thuraisingham, B.:Deepresidual learning based enhanced JPEG compression in the internet of things. IEEE Trans. Ind. Inf. (2020)","DOI":"10.1109\/TII.2020.2994743"},{"key":"19_CR20","doi-asserted-by":"crossref","unstructured":"Qiu, H., Zheng, Q., Zhang, T., Qiu, M., Memmi, G., Lu, J.: Towards secure and efficient deep learning inference in dependable IoT systems. IEEE Internet of Things J. (2020)","DOI":"10.1109\/JIOT.2020.3004498"},{"key":"19_CR21","doi-asserted-by":"crossref","unstructured":"Qiu, M., Qiu, H.: Review on image processing based adversarial example defenses in computer vision. In: 2020 IEEE 6th International Conference on Big Data Security on Cloud (BigDataSecurity), pp. 94\u201399. IEEE (2020)","DOI":"10.1109\/BigDataSecurity-HPSC-IDS49724.2020.00027"},{"key":"19_CR22","doi-asserted-by":"crossref","unstructured":"Rakin, A.S., He, Z., Fan, D.: Bit-flip attack: crushing neural network with progressive bit search. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 1211\u20131220 (2019)","DOI":"10.1109\/ICCV.2019.00130"},{"key":"19_CR23","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1016\/j.neucom.2018.04.027","volume":"307","author":"U Shaham","year":"2018","unstructured":"Shaham, U., Yamada, Y., Negahban, S.: Understanding adversarial training: increasing local stability of supervised models through robust optimization. Neurocomputing 307, 195\u2013204 (2018)","journal-title":"Neurocomputing"},{"key":"19_CR24","doi-asserted-by":"crossref","unstructured":"Szegedy, C., Vanhoucke, V., Ioffe, S., Shlens, J., Wojna, Z.: Rethinking the inception architecture for computer vision. In: Proceedings of the IEEE conference on Computer Vision and Pattern Recognition, pp. 2818\u20132826 (2016)","DOI":"10.1109\/CVPR.2016.308"},{"key":"19_CR25","unstructured":"Szegedy, C., etal.: Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013)"},{"issue":"4","key":"19_CR26","doi-asserted-by":"publisher","first-page":"5817","DOI":"10.1007\/s11042-015-2520-x","volume":"76","author":"Y Tang","year":"2015","unstructured":"Tang, Y., Zhang, C., Gu, R., Li, P., Yang, B.: Vehicle detection and recognition for intelligent traffic surveillance system. Multimedia Tools Appl. 76(4), 5817\u20135832 (2015). https:\/\/doi.org\/10.1007\/s11042-015-2520-x","journal-title":"Multimedia Tools Appl."},{"key":"19_CR27","unstructured":"Tramer, F., Carlini, N., Brendel, W., Madry, A.: On adaptive attacks to adversarial example defenses. arXiv preprint arXiv:2002.08347 (2020)"},{"key":"19_CR28","unstructured":"Tram\u00e8r, F., Kurakin, A., Papernot, N., Goodfellow, I., Boneh, D., McDaniel, P.: Ensemble adversarial training: attacks and defenses. arXiv preprint arXiv:1705.07204 (2017)"},{"key":"19_CR29","doi-asserted-by":"crossref","unstructured":"Wu, B., Iandola, F., Jin, P.H., Keutzer, K.: Squeezedet: unified, small, low power fully convolutional neural networks for real-time object detection for autonomous driving. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops, pp. 129\u2013137 (2017)","DOI":"10.1109\/CVPRW.2017.60"},{"key":"19_CR30","unstructured":"Xie, C., Wang, J., Zhang, Z., Ren, Z., Yuille, A.: Mitigating adversarial effects through randomization. In: International Conference on Learning Representations (2018)"},{"key":"19_CR31","unstructured":"Xu, W., Evans, D., Qi, Y.: Feature squeezing: detecting adversarial examples in deep neural networks. In: 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18\u201321, 2018. The Internet Society (2018)"},{"key":"19_CR32","unstructured":"Yang, Y., Zhang, G., Katabi, D., Xu, Z.: Me-Net: towards effective adversarial robustness with matrix estimation. In: International Conference on Machine Learning, pp. 7025\u20137034 (2019)"},{"key":"19_CR33","doi-asserted-by":"publisher","first-page":"45182","DOI":"10.1109\/ACCESS.2019.2908225","volume":"7","author":"Y Zeng","year":"2019","unstructured":"Zeng, Y., Gu, H., Wei, W., Guo, Y.: $$ deep-full-range $$: A deep learning based network encrypted traffic classification and intrusion detection framework. IEEE Access 7, 45182\u201345190 (2019)","journal-title":"IEEE Access"}],"container-title":["Lecture Notes in Computer Science","Algorithms and Architectures for Parallel Processing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-60239-0_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,15]],"date-time":"2024-08-15T02:25:14Z","timestamp":1723688714000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-60239-0_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030602383","9783030602390"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-60239-0_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"29 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICA3PP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Algorithms and Architectures for Parallel Processing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New York, NY","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 October 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 October 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ica3pp2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.cloud-conf.net\/ica3pp2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"495","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"142","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"305","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}